There are several methods for redirecting your Apache-based website visitors who might type your servers URL using the plain (non-secure) HTTP protocol to be sent to the encrypted HTTPS version of your website which effectively, forces any visitor to your website to HTTPS.
The method below is my favorite for its simplicity and my own experience with it that it worked 100% of the time.
Before adding the redirection code to your Apache's config file you'd obviously need to have a working Apache and SSL configuration for your website, preferably with a valid SSL certificate. Once that condition is satisfied, the next step is to make sure that you have Apache's rewrite module installed and loaded.
You could quickly find out if your serve has the rewrite module installed and loaded by running the following command: apache2ctl -M
The above command will return a list of installed & loaded modules, look for the following entryrewrite_module
Or, you could run the command this way: apache2ctl -M|grep rewrite which will give you this output - assuming that you do have the rewrite module installed and loaded-
rewrite_module (shared)
if not, then you need to add this module by following the instructions for your particular O.S flavor
First and last step for sending HTTP to HTTPS:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
Save your conf file and run /usr/sbin/apache2ctl configtest to make sure that your conf file is free of syntax errors before you reload Apache. Once the configtest returns the result of "Syntax OK" you can run /usr/sbin/apache2ctl restart to apply your changes.
Finally, verify your work results by accessing the website you modified via your browser and make sure to call the website using http://your-server.com and watch your browser redirect you to the https://your-server.com
No comments:
Post a Comment